CVE-2023-40022
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2023-40022 is a vulnerability affecting Rizin, a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior contain an integer overflow issue in the `consume_count` function of `src/gnu_v2/cplus-dem.c`. Although the overflow check logic is correct, it fails to account for the modulus when dealing with non-multiple-of-ten counts. This oversight allows for unintended behavior, potentially leading to significant security implications. Rizin has addressed this vulnerability in version 0.6.1. Meanwhile, a temporary workaround involves disabling C++ demangling by setting the configuration option `bin.demangle=false`.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- RIZIN